By Asher de Metz, Senior Manager, Sungard Availability Services
The question facing most businesses isn’t if they’ll be the target of ransomware, but when. Yet the percentage that feel adequately prepared for ransomware attacks rarely rises above 50 percent, according to surveys.
Part of the problem is a disparity in perception of risk between those on the ground – the IT teams that see the vulnerabilities and understand the threats – and those higher up. Board members don’t see the risk if everything is status quo. CFOs are more interested in spending time and money on efforts that will result in profit and gains, not the far less glamorous idea of protecting their data.
Groundless optimism or a reckless attitude can replace common sense. Partners need to help IT educate execs that, while ransomware is something of a lottery, there are steps that will minimize the impact and get the company back to business as usual quickly, without handing over any cryptocurrency.
Here are six ways the best-prepared companies protect themselves from ransomware:
They have segmented networks: Simply put, it’s a matter of putting up firewalls with strict filtering between different network segments. In the event of a ransomware attack, a firewall can quarantine the attack to the segment through which it entered by isolating it from the rest of the network. These systems take time and planning to implement correctly, but a company that has properly segmented networks can easily recover from an attack by closing off the infected segment and reimaging those machines.
What happens to companies that don’t segment? In a flat, unsegmented network, everything is reachable at the same level. The only option for a company with this kind of network is to turn everything off, if there’s anything left to turn off. That can cripple an operation, and it adds a new problem: the company has effectively launched a denial-of-service attack on itself. When the systems are turned back on, the virus will spread rapidly because the attack isn’t localized.
They keep sensitive data separate: Very often I see companies house critical client data on the same network as all of their other data. If it is segmented, it’s done poorly. If critical data lives in another network, it’s often completely open. A company may think a system is segmented if it’s on a different subnet or IP address, for instance, but that doesn’t qualify as segmentation. For example, interns, freelancers and other junior employees who would never need (or shouldn’t have) access to critical client or business data can access it. Without segmentation, it’s open season, and you’re vulnerable to internal threats.
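To make the point that a separate subnet is not segmentation concrete, here is an added example (not from the original article) that audits a rule set and reports which segment pairs are actually filtered and which behave like one flat network. The segment names, subnets, rule format and first-match, default-deny semantics are all assumptions, and only rules that cover a whole segment are considered.

```python
import ipaddress
from itertools import permutations

# Constructed sample data: segment names, subnets and rules are hypothetical.
SEGMENTS = {
    "workstations": "10.10.0.0/16",
    "servers": "10.20.0.0/16",
    "client_data": "10.30.0.0/24",  # own subnet, so it "looks" segmented
}
# Assumed semantics: first matching rule wins, unmatched traffic is denied.
RULES = [
    {"src": "10.10.0.0/16", "dst": "10.20.0.0/16", "port": "443", "action": "allow"},
    {"src": "10.0.0.0/8", "dst": "10.30.0.0/24", "port": "any", "action": "allow"},
    {"src": "10.20.0.0/16", "dst": "10.10.0.0/16", "port": "any", "action": "deny"},
]

def classify(src_cidr, dst_cidr, rules):
    """Return 'open', 'filtered' or 'blocked' for traffic src -> dst."""
    src, dst = ipaddress.ip_network(src_cidr), ipaddress.ip_network(dst_cidr)
    allowed, denied = set(), set()
    for rule in rules:
        covers = (src.subnet_of(ipaddress.ip_network(rule["src"]))
                  and dst.subnet_of(ipaddress.ip_network(rule["dst"])))
        if not covers:
            continue
        if rule["port"] == "any":
            if rule["action"] == "allow":
                return "open"   # every remaining port passes: no real boundary
            break               # deny-any: nothing later can match
        if rule["action"] == "deny":
            denied.add(rule["port"])
        elif rule["port"] not in denied:
            allowed.add(rule["port"])
    return "filtered" if allowed else "blocked"

def audit(segments, rules):
    """Classify every ordered pair of segments."""
    return {(a, b): classify(segments[a], segments[b], rules)
            for a, b in permutations(segments, 2)}

def flat_pairs(segments, rules):
    """Segment pairs that behave like one flat network."""
    return sorted(p for p, v in audit(segments, rules).items() if v == "open")

if __name__ == "__main__":
    for (a, b), verdict in audit(SEGMENTS, RULES).items():
        print(f"{a:>12} -> {b:<12} {verdict}")
```

In the sample, the client data sits on its own subnet yet is fully reachable from both the workstations and the servers, which is the situation described above.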
Their board is on board: In enterprises, IT and security teams need support and direction to come from the top down, from the board and C-suite. As stated earlier, the very people who may not see ransomware as an imminent threat are the ones in charge of the purse strings. CFOs often aren’t interested, either. Spending more affects the bottom line, and they won’t see the value if they don’t understand the risk. Partners who fill a trusted-adviser role can bring to bear case studies and materials from suppliers that will open …